Configure Sysdig Captures
Create a Capture File From an Alert
While configuring your alert in the Act section toggle on the Activate Sysdig Capture
| Parameter | Description |
|---|---|
| Storage | The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage. |
| File Name | The name of the capture file. The default name includes the date and time stamp the capture was created. |
| Time frame | The period of time captured. The default time is 15 seconds; the maximum capture time available is 24 hours. The capture file size limit is 100MB. The capture time starts from the time the alert threshold was breached (it does not capture syscalls from before the alert was triggered) Note: Sysdig recommends using the default time to ensure captures are small and manageable. |
| Filter | Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig Github page. |
Create a Capture File Manually
To create a capture file:
From the Captures module, select option Take capture from the top right corner.
The Take Capture pop-up window will open.
Define the following parameters, and click the Start Capture button:
| Parameter | Description |
|---|---|
| Name | Capture file name |
| Host Name | Select a Host name from the drop down list |
| Container ID | Select a Container ID from the drop down list (optional) |
| Storage | The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage. |
| Duration | The period of time captured. The default time is 5 seconds; the maximum capture time available is 300 seconds. The capture file size limit is 100MB. Note: Sysdig recommends using the default time to ensure captures are small and manageable. |
| Filter | Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig Github page. |
The Sysdig agent will be signaled to start a capture, and send back the
resulting trace file. The file will then be displayed in the Captures
module.
Download a Capture File
To download a capture file:
From the Captures module, navigate to the target capture file.
Select the target capture file.
Click the Download button on the right side of the screen.
A capture file will be automatically downloaded to your local machine.
Delete Capture Files
To delete a single capture file:
From the Captures module, navigate to the capture file to be deleted.
Click the three-dot menu, then select the Delete Capture option.
On the Delete Captures prompt, click the Yes button to confirm, or the No button to cancel.
To delete multiple capture files:
From the Captures module, select all Capture files that you want to delete.
Select the option Delete next to the number of selected captures in the top right corner.
On the Delete Captures prompt, click the Yes button to confirm, or the No button to cancel.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.